Can we trust the cloud?
The benefits and risks of storing data remotely
Since the recent revelation that an unsecured database, listing the personal details of 87 million Mexicans was discovered online, the safety of the cloud has once again come under scrutiny.
The personal information, which has now been taken offline, was discovered on a database on a cloud server provided by Amazon Web Services.
However, according to a BBC report, most of the major data breaches that have taken place over the last five years, from Sony to Ashley Madison, TalkTalk to Target, have been from internal, not cloud-based, databases.
Cloud computing - storing data and applications remotely rather than on your own premises - can cut IT costs dramatically and speed up your operations. Plus, being able to plug into a range of ready-made cloud-based services helps you develop new products at a faster pace, potentially giving you a competitive edge.
The biggest risk is giving up control of your data to someone else using different data centres in remote places, and that if there is a breach, your data could be potentially lost, wiped, corrupted or stolen.
In order to prevent this, information on the cloud should be protected by encryption both while the data is in transit and while it is “at rest" on the cloud servers. However, the Mexican data breach casts doubt on whether this is always the case. According to the report, Amazon Web Services, the biggest public cloud platform provider, has more than 1,800 security controls governing its services. Customers can choose to control their own encryption keys if they wish, as well as set the rules for who can and can't access the data or applications.
The report also claims that major cloud providers give customers the option to handle their own encryption keys, meaning no-one inside the provider could get access even if they wanted to. Some companies are also adopting a "hybrid" approach - keeping their more sensitive data in a private cloud and other data and applications in the public cloud.
Despite the benefits and the rise of public cloud platforms offered by the likes of Amazon Web Services, Microsoft Azure and Google Cloud, the report states that less than 10% of the world's data is currently stored in the cloud.
One argument is that it is still early days, and that many companies remain risk adverse.
As Amethyst MD Steve Howe said in his recent talk at the Cyber Security Professionals exhibition in York:
“Does anyone ask where this cloud is? Is this ‘cloud’ computer in the UK, China, Syria? Who else is sharing that cloud? “
“It’s confusing. A cloud looks so fluffy, nice and safe – but it isn’t. It’s someone else’s computer.”
Concerns around data privacy, particularly in Europe, such the rescinding of the Safe Harbour data sharing agreement - www.amethystrisk.com/news/does-european-court-ruling-signal-the-demise-of-safe-harbor - mean providers are increasingly offering the option to host data in customers' own region. Data centres can be anywhere in the world, but firms often want their data kept closer to home.
First and foremost, a cloud provider must understand your business. Prospective customers should check they understand the regulatory requirements governing data and that they can prove what they say they can do.
To read the report in full visit http://www.bbc.co.uk/news/business-36151754